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IN THE CLAIMS : 

A listing of the status of all claims 1-26 in the present patent application is provided 

below: 

1 . (Currently Amended) A computer implemented method for use in compliance 
management, comprising: 

presenting, via a computer network, a user with a series of questions relating to at 
least one business category; 

soliciting, via the computer network, a response from the user for each question 

presented; 

determining a detection index based on the number of responses, and 
corresponding answers, to each of the series of questions; 

determining an occurrence index based on the potential consequence of non- 
compliance; 

determining a standard severity risk index based on the expected severity of non- 
compliance; and 

prioritizing, via the computer network, the at least one business category based on 
the user's responses and at least one total risk score comprising the product of the detection, 
occurrence and standard severity risk indices ; and 

displaying the prioritized at least one business category and at least one total risk 

score . 

2. (Currently Amended) The computer implemented method of claim 1 wherein 
the user response comprises a "Yes" or "No. 

3. (Currently Amended) The computer implemented method of claim 1 wherein 
the at least one standard severity risk index comprises a number between 1 and 10 corresponding 
to a specific level of risk. 

4. (Currently Amended) The computer implemented method of claim 3 wherein 
the number "1" comprises the lowest level of risk severity, and the number "10" the highest level 
of severity. 

5. (Currently Amended) The computer implemented method of claim 1 wherein 
the at least one standard severity risk index corresponds to the at least one business category. 
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6. (Currently Amended) The computer implemented method of claim 1 further 
comprising the step of determining a detection index based on the number of questions presented 
in the series of questions, the user's responses, and the number of users. 

7. (Canceled) 

8. (Canceled) 

9. (Currently Amended) The computer implemented method of claim 1 further 
comprising ranking the at least one business category based on the at least one total risk score. 

10. (Currently Amended) A computer based system for use in compliance 
management, comprising: 

a query module associated with an engine for presenting at least one user with a series of 
questions relating to at least one business category, and for soliciting and receiving responses 
from the at least one user for each question presented; 

a prioritization module associated with the engine for: (1) determining a detection index 
based on the number of responses to each of the series of questions, determining an occurrence 
index based on the potential consequence of non-compliance, and determining a standard 
severity risk index based on the expected severity of non-compliance, and (2) prioritizing the at 
least one business category based on the at least one user's responses and at least one total risk 
score comprising the product of a detection, occurrence and standard severity risk indices ; and 

an administration module associated with the engine for displaying the prioritized at least 
one business category and the at least one total risk score . 

1 1 . (Currently Amended) The computer based system of claim 10 wherein the series 
of questions are presented to the user over a communications network. 

12. (Currently Amended) The computer based system of claim 10 further 
comprising an the-administration module associated with the engine for inputting, updating and 
accessing data associated with the query and prioritization modules, the administration module 
being accessible to an administrator of the system via an administration interface. 

13. (Currently Amended) The computer based system of claim 10 wherein the user 
response comprises a "Yes" or "No" response. 

14. (Currently Amended) The computer based system of claim 10 wherein the at 
least one standard severity risk index comprises a number between 1 and 10 corresponding to a 
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specific level of risk. 

15. (Currently Amended) The computer based system of claim 14 wherein the 
number "1" comprises the lowest level of severity, and the number "10" the highest level of 
severity. 

16. (Currently Amended) The computer based system of claim 10 wherein the at 
least one standard severity risk index corresponds to the at least one business category. 

17. (Currently Amended) The computer based system of claim 10 wherein the 
detection index is based on the number of questions presented in the series of questions, the at 
least one user's responses, and the number of users. 

18. (Canceled) 

19. (Canceled) 

20. (Previously Presented) The computer based system of claim 10 wherein 
prioritization module further ranks the at least one business category based on the at least one 
total risk score. 

21. (Currently Amended) The computer implemented method of claim 1 wherein 
the detection is determined by the following formula: 

^]/(#of answers, ) 

Detection index = — , 

(d)(n) 

wherein i refers to each possible response, 

# of answers,- refers to the number of queries or questions that were answered with a 
particular response i, 

n refers to the total number of queries or questions in that category, and 

d refers to the number of departments or units responding. 
22. (Currently Amended) The computer implemented method of claim 1 , wherein the 
occurrence index weighs the total risk score based on the potential consequences of non- 
compliance. 
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23. (Currently Amended) The computer implemented method of claim 1 , wherein 
the potential consequence of non-compliance is based on the total number of agents or 
employees affected by non-compliance. 

24. (Currently Amended) The computer implemented method of claim 1, wherein 
the potential consequence of non-compliance is based on the total number of policies in force. 

25. (Currently Amended) A computer implemented method for use in compliance 
management, comprising: 

presenting, via a computer network, at least one user with a series of questions 
relating to at least one business category; 

soliciting, via the computer network, a response from the at least one user for each 
question presented; 

determining a detection index based dir e ctly on the number of responses to each 
of the series of questions; 

assessing a potential consequence of non-compliance, the potential consequence 
of non-compliance relating to parameters and the values of such parameters; 

determining an occurrence index based dir e ctly on the potential consequence of 
non-compliance that was assessed, such that the occurrence index changes as the parameters 
associated with the potential consequence of non-compliance change, the occurrence index that 
is determined being one of at least three possible occurrence indices, the at least three possible 
occurrence indices being provided as possible occurrence indices; 

determining a standard severity risk index based directly on the expected severity 
of non-compliance; and 

prioritizing, via the computer network, the at least one business category based on 
the at least one user's responses and at least one total risk score, the at least one total risk score 
being based on the detection index, the occurrence index, and standard severity risk index; and 
the total risk score being determined as equal to the product of the detection index, the 
occurrence index, and the severity risk index, such that the higher the total risk score, the more 
severe the risk of non-compliance; and 

wherein the determining being performed such that: 

the detection index weighing the total risk score based on the responses provided 
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to the individual questions; 

the occurrence index weighing the total risk score based on the potential 
consequences of non-compliance; and 

the severity risk index weighing the total risk score based on the expected severity 
of non-compliance; and 

the method further including associating each business category with particular detection, 
occurrence, and severity risk indices. 

26. (Currently Amended) The computer implemented method of claim 1 wherein 
the detection index is determined by a relationship between the number of queries or questions 
that were answered with a particular response, the total number of queries or questions in the 
category, and the number of departments or units responding. 
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